boklm pushed to branch maint-13.5 at The Tor Project / Applications / tor-browser-build Commits: 3f16675b by Nicolas Vigier at 2024-08-21T13:08:19+02:00 Bug 41218: Use new Tor Browser gpg subkey for signing stable releases With #40964 we started using a new subkey for signing alpha releases. We now start using the new subkey for signing stable releases too. - - - - - 3 changed files: - tools/signing/linux-signer-gpg-sign - tools/signing/machines-setup/sudoers.d/sign-gpg - tools/signing/wrappers/sign-gpg Changes: ===================================== tools/signing/linux-signer-gpg-sign ===================================== @@ -4,8 +4,6 @@ set -e script_dir=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) source "$script_dir/functions" -test "$tbb_version_type" = "alpha" && export GPG_NEWSUBKEY=1 - cd ~/"$SIGNING_PROJECTNAME-$tbb_version" test -n "$GPG_PASS" || read -sp "Enter gpg passphrase: " GPG_PASS ===================================== tools/signing/machines-setup/sudoers.d/sign-gpg ===================================== @@ -1,2 +1,2 @@ -Defaults>signing-gpg env_keep += "SIGNING_PROJECTNAME GPG_NEWSUBKEY" +Defaults>signing-gpg env_keep += SIGNING_PROJECTNAME %signing ALL = (signing-gpg) NOPASSWD: /signing/tor-browser-build/tools/signing/wrappers/sign-gpg ===================================== tools/signing/wrappers/sign-gpg ===================================== @@ -11,6 +11,5 @@ if test $(whoami) != 'signing-gpg'; then exit 1 fi -gpg_subkey='0xe53d989a9e2d47bf!' -test -n "$GPG_NEWSUBKEY" && gpg_subkey='0x157432CF78A65729!' +gpg_subkey='0x157432CF78A65729!' exec gpg --homedir /home/signing-gpg/.gnupg -absu "$gpg_subkey" --batch --no-tty -o- --passphrase-fd 0 -- "$1" View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3f... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/3f... You're receiving this email because of your account on gitlab.torproject.org.